[midPoint] Assigning roles based on attribute values

Ivan Noris ivan.noris at evolveum.com
Wed Mar 19 20:49:59 CET 2014 

Hi Paul,

I'm not sure what have you already done in the object template, but
maybe this snippet may be usable for you, or for someone on this list:

The mapping is in default user template and is assigning the "Employee"
role based on the conditions. If the condition is false, the role is
unassigned (i.e. when the employee leaves the company).

    <mapping>
    <name>EXAMPLE User Template: EXAMPLE Employee Role</name>
        <source>
            <path>employeeType</path>
        </source>
    <source>
        <name>employeeActive</name>
        <path>$user/extension/example:employeeActive</path>
    </source>
        <expression>
            <value>
                <assignment>
            <targetRef oid="ef2bc95b-76e0-48e2-86d6-c000ff000001"
type="c:RoleType"/>
        </assignment>
            </value>       
        </expression>
        <target>
            <path>assignment</path>
        </target>
        <condition>
            <script>
               
<language>http://midpoint.evolveum.com/xml/ns/public/expression/language#Groovy</language>
                <code>
basic.stringify(employeeType) == 'EMP' && employeeActive == true
</code>
            </script>
    </condition>
    </mapping>

Hope this helps.

Regards,
IVan



On 03/19/2014 05:51 PM, Paul Heaney wrote:
> Hi,
>
> Up until now I've been assigning roles to users at creation time using
> an object template which has been working well now I need to update
> roles on users based on properties of the user (e.g. changing from
> student to Alumni). From reading the wiki it should be possible to do
> this using a mapping though I don't seem to be able configure a roles
> assignment from a mapping, I've checked the examples and schema
> definitions and don't appear to find the correct syntax.
>
> If anyone could point me in the right direction I'd be most great full.
>
> Thanks
> Paul
> _______________________________________________
> midPoint mailing list
> midPoint at lists.evolveum.com
> http://lists.evolveum.com/mailman/listinfo/midpoint

-- 
  Ing. Ivan Noris
  Senior Identity Management Engineer
  evolveum.com
  ___________________________________________________
  "Semper cautus - semper paratus - semper idem Vix."

More information about the midPoint mailing list